6

I need some advice on Customising Azure B2C.

I've been looking at both portal based customisation and the Identity Experience Framework.

My key requirement is to have full control of the look and feel of the login experience. However, users must not be able sign up as this is handled by a separate business process. I understand that I cannot use a simple SignIn policy as B2C doesn't provide the required level of customisation.

I'm unable to find any solid documentation that describe how/if this is possible.

I've followed this documentation for the Azure B2C Identity Experience Framework. But can't see where I would be able to disable signup.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom

benembery
  • 666
  • 7
  • 20

1 Answers1

10

You can disable the sign-up button using the setting.showSignupLink metadata:

<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
  <DisplayName>Local Account Signin</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="setting.operatingMode">Email</Item>
    <Item Key="setting.showSignupLink">false</Item>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
    <OutputClaim ClaimTypeReferenceId="password" Required="true" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
Chris Padgett
  • 14,186
  • 1
  • 15
  • 28
  • @Chirs Padgett thanks you for your answer. Comparing it with the [documentation](https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom) and [starter kit](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/) it seems that it is also important to remove the following `SignUpWithLogonEmailExchange` Could you confirm this is the case? I found the example [here](https://stackoverflow.com/questions/47292082/can-i-disable-sign-up-in-azure-ad-b2c) – benembery Nov 15 '18 at 11:29
  • Hi @benembery Yes, you can remove the `SignUpTarget` metadata, as well. Previously, before the `setting.showSignUpLink` was added by Microsoft, removing `SignUpTarget` was the only method for *preventing* users from clicking the sign-up link (which is why you the other answer was posted by @spottedmahn). – Chris Padgett Nov 15 '18 at 20:50
  • Thanks very much for the advice. – benembery Nov 15 '18 at 21:39